Encryption systems generally include public key cryptosystems and common key cryptosystems. Public key cryptosystems use different keys for decryption and encryption, respectively. Typically, a plaintext is encrypted with a public key, and a ciphertext is decrypted with a secret key, to thereby provide secure transmission of the ciphertext. Alternatively, the plaintext may be encrypted with a secret key, and the ciphertext may be decrypted with a public key, to thereby identify the user who encrypted the plaintext. FIG. 1 shows an exemplary configuration of encryption/decryption using a secret key in an encryption device, such as a smartcard. In FIG. 1, an internal encryption/decryption unit of the encryption device processes an input plaintext/ciphertext message using a secret key in a known manner to produce an output ciphertext/plaintext message.
In a processor for the elliptic curve cryptography which is one type of public key encryption, scalar multiplication is used. In the scalar multiplication of a point, a point R that satisfies the equation V=dA, is determined for a scalar value d and a point A on an elliptic curve. For example, for the Diffie-Hellman key distribution in the elliptic curve cryptography, the point represented by V=dA is produced through scalar multiplication by a secret key d.
For scalar multiplication of a point in the binary method, a value V is determined by performing point doubling and point addition in the order from the MSB (most significant bit) to the LSB (least significant bit) of a binary value d. In order to determine a value V for d=21=24+22+20=(10101)2 for example, for the MSB “1”, the value A is added to the initial value V=O (a point at infinity) to produce a value V=A, then for the next significant bit “0”, the resultant value V is multiplied by 2 to generate a value V=A×2, then for the next significant bit “1”, the resultant value V is multiplied by 2 and A is added to the product to produce a value V=(A×2)×2+A, then for the next significant bit “0”, the resultant value V is multiplied by 2 to produce a value V=((A×2)×2+A)×2, and then for the LSB “1”, the resultant value V is multiplied by 2 and A is added to the product to produce a value V=(((A×2)×2+A)×2)×2+A=(24+22+20)A.
A window method for the efficient modular exponentiation is known. The window method is described in Alfred J. Menezes et al., “HANDBOOK OF APPLIED CRYPTOGRAPHY” (CRC press), p. 615, Algorithm 14.82.
FIG. 2 shows an algorithm for determining a scalar multiplication of a point, V=dA, in the elliptic curve cryptography using the window method, where d is expressed as d=(du−1, du−1, . . . d0)2 in binary representation. The algorithm is written in the C language.
Now, the algorithm of FIG. 2 is explained below. First, it generates a table W of values W's that satisfy W[x]=xA for all integers x's such that 0<x<2k. After generating the table W, the u-bit value d=(du−1, du−1, . . . d0)2 is divided into m k-bit sequences bi=(dik+k−1, . . . dik)2(i=0, 1, 2, . . . ), where m=ceiling (u/k). An addition V=V+W[bi] by looking up the value W[bi] (=biA) for bi in the table W, and a multiplication by 2k expressed as V=2kV are performed in order for the most significant sequence bm-1 through the least significant sequence b0, to thereby determine V=dA.
Decryption (analysis) or tampering is attempted by guessing secret information, including the secret key, from available information such as a ciphertext. Power analysis attack which is one form of decryption was devised in 1998 by Paul Kocher. In this power analysis attack, different pieces of input data are provided to the encryption processor included in an encryption device such as a smartcard. During this process, changes in power dissipation over time are measured using an oscilloscope or the like, for example, as shown in FIG. 1, and a statistically sufficient number of power dissipation curves are collected and analyzed to guess key information held within the encryption processor. This power analysis attack can be applied to both of the common key encryption and the public key encryption.
The power analysis attacks include simple power analysis (SPA) and differential power analysis (DPA). The SPA guesses the secret key from the characteristic of a single power dissipation curve taken from the encryption processor. The DPA guesses the secret key by analyzes the differences between many different power dissipation curves (hereinafter referred to as the power difference curves). Generally, the DPA is more powerful than SPA.
For example, SPA and DPA for common key cryptosystems, such as DES (Data Encryption Standard) and AES (Advanced Encryption Standard), are disclosed in Paul Kocher, Joshua Jaffe, and Benjamin Jun, “Differential Power Analysis”, in proceedings of Advances in Cryptology-CRYPTO '99, Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, 1999, pp. 388-397.
SPA and DPA for public key cryptosystems, such as RSA encryption and elliptic curve encryption, are disclosed in, for example, Thomas S. Messerges, Ezzy A. Dabbish, and Robert H. Sloan, “Power Analysis Attacks of Modular Exponentiation in Smartcards”, Cryptographic Hardware and Embedded Systems (CHES '99), Lecture Notes in Computer Science Vol. 1717, Springer-Verlag, pp. 144-157 (Messerges '99), and Jean-Sebastein Coron “Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems”, Cryptographic Hardware and Embedded Systems (CHES '99), Lecture Notes in Computer Science Vol. 1717, Springer-Verlag, pp. 292-302, 1999 (Coron '99).
The elliptic curve cryptosystem is based on the elliptic curve discrete logarithm problem, and was proposed in N. Koblitz (“Elliptic Curve Cryptosystems”, Mathematics of Computers, Vol. 48, pp. 203-209, 1987.) and V. Miller (“Use of elliptic curves in cryptography”, Advances in Cryptology-Proceedings of Crypto '85, Lecture Notes in Computer Science, 218 (1986), Springer-Verlag, pp. 417-426).
The elliptic curve encryption is an arithmetic operation based on scalar multiplication of a point on an elliptic curve. For example, a public key point P lies on an elliptic curve, which is calculated for a publicized point G, called the base point, on the elliptic curve by performing scalar multiplication P=dG of the point G on the elliptic curve by a secret key d which is a scalar value. In key sharing between two parties A and B in accordance with the Diffie-Hellman key sharing scheme using an elliptic curve, the relationship X=dAPB=dBPA is used, where dA and PA represent a pair of the secret key and public key of A, and dB and PB represent a pair of the secret key and public key of B. Scalar multiplication of a point on an elliptic curve is done by repeating the “point addition (ECADD)” and the “point doubling (ECDBL)”. The simplest implementations of the scalar multiplication R=dQ include the binary method (MSB) and binary method (LSB) shown in the following basic Algorithms 1 and 2. In the following description, lower cases (d, etc.) represent scalar values, and upper cases (R, Q, etc.) represent points on the elliptic curve, unless specifically noted otherwise.
<Algorithm 1: Binary Method (MSB)>
T := Qfor i = n−2 downto 0 { T := ECDBL(T) if (di == 0) {   T := ECADD(T, Q)     ...*  }} R := T,where T is a temporary variable, d is an n-bit scalar value,di is the i-th LSB of the value d.      <Algorithm 2: Binary Method (LSB)> T[1] := Q T[0] := O for i = 0 upto n−1 {   if (di == 1) {     T[0] := ECADD(T[0], T[1])  ...*    }   T[1] := ECDBL(T[1])  }  R := T[0],where registers T[0] and T[1] are temporary variables, d is an n-bit scalar value, and di is the i-th LSB of the value d.
When Algorithms 1 and 2 are used for the scalar multiplication of a point, the operation indicated by “*” is performed or not performed, depending on the value of each bit within the secret key value d. The SPA analyzes the secret key d based on this dependency. From many experiments, it is known that the power waveforms observed in the ECDBL operation and the ECADD operation exhibit respective distinctive characteristics and are easily distinguishable. Accordingly, by measuring the power waveforms generated during the operations of Algorithms 1 and 2 in the processor, the secret key d can be determined in accordance with the variations of the order of the ECDBL and ECADD operations and the number of occurrences of these operations determined through analysis of the waveforms.
As a countermeasure against the SPA, a method called add-and-double-always is proposed in Coron '99. This method is secure against the SPA, because the ECADD and ECDBL operations are always performed alternately. Algorithms which are formed by applying the add-and-double-always operation to Algorithms 1 and 2 are shown as Algorithms 3 and 4 below.
<Algorithm 3: Binary Method (MSB, add-and-double-always)>
T[0] := Qfor i = n−2 downto 0 { T[0] := ECDBL(T[0]) T[1] := ECADD(T[0], Q)  T[0] := T[di]}R := T[0],where registers T[0] and T[1] are temporary variables, d is an n-bit scalar value, and di is the i-th LSB of the value d.
<Algorithm 4: Binary Method (LSB, add-and-double-always)>
T[0] := OT[2] := Qfor i = 0 upto n−1 { T[1] := ECADD(T[0], T[2]) T[2] := ECDBL(T[2]) T[0] := T[di]}R := T[0],where registers T[0] and T[1] are temporary variables, d is an n-bit scalar value, and di is the i-th LSB of the value d.
The SPA can be prevented by using Algorithms 3 and 4. However, Coron '99 also describes the DPA for these algorithms, and shows that, Algorithms 3 and 4 can determine the secret key through analysis. Further, Coron '99 proposes a countermeasure against the DPA against Algorithms 3 and 4 by introducing representation of a point on an elliptic curve using a random value or number, called randomized projective coordinates (RPC). Algorithms which are formed by applying the RPC to Algorithms 3 and 4 are shown below as Algorithms 5 and 6, respectively. Each point represented by the RPC on the elliptic curve is indicated by a variable with a prime (′).
<Algorithm 5: Binary Method (MSB, add-and-double-always, RPC)>
T′[2] := RPC(Q)T′[0] := T′[2]for i = n−2 downto 0 { T′[0] := ECDBL(T′[0]) T′[1] := ECADD(T′[0], T′[2])  T′[0] := T′[di]}R   T′[0],where registers T′[0], T′[1] and T′[2] are temporary variables, d is an n-bit scalar value, di is the i-th LSB of the value d, and the symbol “+←” represents the inverse transform of the RPC representation.
FIG. 3 shows a flow diagram of Algorithm 5 which is executed by the processor or encryption/decryption unit as shown in FIG. 1. FIG. 4 shows a block diagram implementing Algorithm 5.
Referring to FIG. 3, at Step 302, the processor assigns or stores the RPC-transformed coordinate value of a point Q into the register T[2]. At Step 304, the processor assigns the value of the register T[2] into the register T[0]. Step 306 is a looping process for a variable i=(n−1), (n−2), . . . , 0. At Step 308 within Step 306, the processor performs the ECDBL operation (point doubling) on the value of the register T[0], and assigns the resultant doubled value or product back into the register T[0]. At Step 310, the processor performs the ECADD operation (point addition) on the value of the register T[0] with the value of the register T[2], and assigns the resultant sum into the register T[1]. At Step 312, the processor assigns the value of the register T[di] into the register T[0] in accordance with the value di of the i-th LSB of the key. Step 312 can become a target of the address-bit DPA. At Step 314, the processor sets i=i−1. After that, the procedure returns to Step 308. After performing Step 306 for i=(n−1), (n−2), . . . , 0, the processor at Step 316 performs the inverse RPC(RPC−1) transform on the value of the register T[0] and provides the inverse transformed value as an output.
<Algorithm 6: Binary Method (LSB, add-and-double-always, RPC)>
T′[0] := OT′[2] := RPC(Q)for i = 0 upto n−1 { T′[1] := ECADD(T′[0], T′[2]) T′[2] := ECDBL(T′[2]) T′[0] := T′[di]}R   T′[0],where registers T′[0], T′[1] and T′[2] are temporary variables, d is an n-bit scalar value, di is the i-th LSB of the value d, and “←” represents the inverse transform of the RPC representation.
FIG. 5 shows a flow diagram of Algorithm 6 which is executed by the processor or encryption/decryption unit as shown in FIG. 1. FIG. 6 shows a block diagram implementing Algorithm 6.
Referring to FIG. 5, at Step 502, the processor assigns the coordinate value of a point 0 into the register T[0]. At Step 504, the processor assigns the RPC-transformed coordinate value of point Q into the register T[2] Step 506 is a looping process for the variable i=0, 1, . . . , (n−1). At Step 508 within Step 506, the processor performs the ECADD operation on the value of the register T[0] with the value of the register T[2], and assigns the resultant sum into the register T[1]. At Step 510, the processor performs the ECDBL operation on the value of the register T[2], and assigns the resultant doubled value back into the register T[2]. At Step 512, the processor assigns the value of the register T[di] into the register T[0] in accordance with the value di of the i-th LSB of the key. Step 512 can become a target of the address-bit DPA. At Step 514, the processor sets i=i+1. After that, the procedure returns to Step 508. After performing Step 506 for i=0, 1, . . . , (n−1), the processor at Step 516 performs the inverse RPC (RPC−1) transform on the value of the register T[0] and provides the inverse transformed value as an output.
Coron '99 describes that the SPA and DPA can be prevented by using Algorithms 5 and 6. As a method having a similar effect, a method which uses both of the RPC and the SPA-resistant Montgomery-Ladder is proposed in T. Izu, and T. Takagi, “A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks”, PKC 2002, LNCS 2274, pp. 280-296, Springer-Verlag, 2002 (Izu-Takagi). This method is characterized by the use of a scalar multiplication, called the Montgomery-Ladder, which takes the SPA countermeasure, rather than the binary method which uses the add-and-double-always (Algorithms 3 and 4). In the scalar multiplication R=dQ, the Montgomery-Ladder computes two points such that their difference is 1Q, by always performing the ECADD and ECDBL operations. The scalar multiplication which uses the SPA-resistant Montgomery-Ladder and the RPC in combination is shown below as Algorithm 7.
<Algorithm 7: Montgomery-Ladder (SPA-Countermeasure, RPC)>
T′[0] := RPC(Q)T′[1] := ECDBL(T′[0])for i = n−2 downto 0 { T′[2] := ECDBL(T′[di])...* T′[1] := ECADD(T′[0], T′[1]) T′[0] := T′[2 − di]...# T′[1] := T′[1 + di]...#}R   T′[0],where registers T′[0], T′[1] and T′[2] are temporary variables, d is an n-bit scalar value, di is the i-th LSB of the value d, and “←” represents the inverse transform of the RPC representation.
FIG. 7 shows a flow diagram of Algorithm 7 which is executed by the processor or encryption/decryption unit as shown in FIG. 1. FIG. 8 shows a block diagram implementing Algorithm 7.
Referring to FIG. 7, at Step 702, the processor assigns the RPC-transformed coordinate value of a point Q into the register T[0]. At Step 704, the processor performs the ECDBL operation on the value of the register T[0], and assigns the resultant doubled value into the register T[1]. Step 706 is a looping process for the variables i=(n−2), (n−1), . . . , 0. At Step 708 within Step 706, the processor performs the ECDBL operation on the value of the register T[di] in accordance with the value di of the i-th LSB of the key, and assigns the resultant product into the register T[2]. At Step 710, the processor performs the ECADD operation on the value of the register T[0] with the value of the register T[1], and assigns the resultant sum into the register T[10]. At Step 712, the processor assigns the value of the register T[2-di] into the register T[0] in accordance with the value di of the i-th LSB of the key. At Step 714, the processor assigns the value of the register T[1+di] into the register T[1] in accordance with the value di of the i-th LSB of the key. Steps 708, 712 and 714 can become targets of the address-bit DPA. At Step 716, the processor sets i=i−1. After that, the procedure returns to Step 708. After performing Step 706 for i=(n−2), (n−1), . . . , 0, the processor at Step 718 performs the inverse RPC(RPC−1) transform on the value of the register T[0] and provides the inverse transformed value as an output.
As a method having an effect similar to that of the RPC, a randomized curve (RC) method is proposed in M. Joye, and C. Tymen, “Protections against differential analysis for elliptic curve cryptography”, CHES 2001, LNCS 2162, pp. 377-390, Springer-Verlag, 2001 (JT 01). Like the RPC, the RC is a countermeasure against the DPA and uses a random value to represent a point on an elliptic curve. The way of applying the RC is the same as that of applying the RPC. Algorithms 5 and 6, and Algorithm 7 in which the RC is used instead of the RPC are shown below as Algorithms 5′ and 6′, and Algorithm 7′ by suffixing “′”. Each point expressed by the RC on the elliptic curve is shown by a variable with suffixed with “″”.
<Algorithm 5′: Binary Method (MSB, add-and-double-always, RC)>
T″[2] := RC(Q)T″[0] := T″[2]for i = n−2 downto 0 { T″[0] := ECDBL(T″[0]) T″[1] := ECADD(T″[0], T″[2]) T″[0] := T″[di]}R   T″[0],where registers T′[0], T′[1] and T′[2] are temporary variables, d is an n-bit scalar value, di is the i-th LSB of the value d, and “<←” represents the inverse transform of the RC representation.
FIG. 4 is also a block diagram implementing Algorithm 5′.
<Algorithm 6′: Binary Method (LSB, add-and-double-always, RC)>
T″[0] := OT″[2] := RC(Q)for i = 0 upto n−1 { T″[1] := ECADD(T″[0], T″[2]) T″[2] := ECDBL(T″[2]) T″[0] := T″[di]}R   T″[0],where registers T″[0], T″[1] and T″[2] are temporary variables, d is an n-bit scalar value, di is the i-th LSB of the value d, and “←” represents the inverse transform of the RC representation.
FIG. 6 is also a block diagram implementing Algorithm 6′.
<Algorithm 7′: Montgomery-Ladder (SPA-Countermeasure, RC)>
T″[0] := RC(Q)T″[1] := ECDBL(T″[0])for i = n−2 downto 0 { T″[2] := ECDBL(T″[di])...* T″[1] := ECADD(T″[0], T″[1]) T″[0] := T″[2 − di]...# T″[1] := T″[1 + di]...#}R   T″[0],where registers T″[0], T″[1] and T″[2] are temporary variables, d is an n-bit scalar value, di is the i-th LSB of the value d, and “←” represents the inverse transform of the RC representation.
FIG. 8 is also a block diagram implementing Algorithm 7′.
As described above, the methods for implementing the scalar multiplication R=dQ include a method known as the window method as well as Algorithms 1 and 2. For example, in a 4-bit window method, the zeroth to 15th multiples of Q are computed and the resultant values are stored in a table in the initializing process, and the secret key is processed on a 4-bit-window basis. The following Algorithm 8 is the most basic algorithm for implementing the 4-bit window method.
<Algorithm 8: Window Method (4-Bits)>
W[0] = OW[1] = QW[2] = ECDBL(Q)for i = 3 upto 15 { W[i] = ECADD(W[i−1], Q)}R := W[dn−1, n−4]for i = n−5 downto 0 step −4 { R := ECDBL(R) R := ECDBL(R) R := ECDBL(R) R := ECDBL(R) R := ECADD(R, W[di, i−3])},where d is an n-bit scalar value, it is assumed that n is a multiple of a value of 4 for simplicity, di,i−3 is a 4-bit value of the i-th to (i−3)-th bits of the value d, and W[i] represents a table for the window method.
When Algorithm 8 is used for the scalar multiplication of a point, there are no such operations that are performed or not performed depending on the bit value in d. Thus, generally the window method, unlike the binary method, is considered to be secure against the SPA. However, the window method, like the binary method, is not secure against the DPA, and can be analyzed by the technique of Coron '99, but it is known that, for the window method as well as the binary method, the RPC and RC are effective as countermeasures against the DPA. Algorithms which are formed by applying the RPC and RC to Algorithm 8 are shown below as Algorithms 9 and 9′, respectively.
<Algorithm 9: Window Method (4-Bit, RPC)>
W′[0] = OW′[1] = RPC(Q)W′[2] = ECDBL(W′[1])for i = 3 upto 15 { W′[1] = ECADD(W′[i−1], W′[1])}R′ := W′[dn−1,n−4]for i = n−5 downto 0 step −4 { R′ := ECDBL(R′) R′ := ECDBL(R′) R′ := ECDBL(R′) R′ := ECDBL(R′) R′ := ECADD(R′, W′[di, i−3])    ...*}R   R′,where d is an n-bit scalar value, it is assumed that n is a multiple of a value of 4 for simplicity, di,i−3 is a 4-bit value of the i-th to (i−3)-th bits of the value d, R′, Q′T′[0] and T′[1] are temporary variables, W[i] represents a table for the window method, and “←” represents the inverse transform of the RPC representation.
<Algorithm 9′: Window Method (4-Bit, RC)>
W″[0] = OW″[1] = RC(Q)W″[2] = ECDBL(W″[1])for i = 3 upto 15 { W″[i] = ECADD(W″[i−1], W″[1])}R″ := W″[dn−1,n−4]for i = n−5 downto 0 step −4 { R″ := ECDBL(R″) R″ := ECDBL(R″) R″ := ECDBL(R″) R″ := ECDBL(R″) R″ := ECADD(R″, W″[di, i−3])    ...*}R   R′,where d is an n-bit scalar value, it is assumed that n is a multiple of a value of 4 for simplicity, and di,i−3 is a 4-bit value of the i-th to (i−3)-th bits of the value d, and where R″, Q″, T″[0] and T[1] are temporary variables, W″[i] represents a table for the window method, and “←” represents the inverse transform of the RC representation.
FIGS. 9 and 10 show respective flow diagrams of Algorithms 9 and 9′ which are executed by the processor or encryption/decryption unit as shown in FIG. 1. FIGS. 11 and 12 show block diagrams implementing Algorithms 9 and 9′.
Referring to FIGS. 9 and 10, at Step 902, the processor assigns the coordinate value of a point 0 into the table W[0]. At Step 904, the processor assigns the RPC-transformed coordinate value of a point Q into the table W[1]. At Step 906, the processor performs the ECDBL operation on the value of the table W[1], and assigns the resultant product into the table W[2]. Step 908 is a looping process for the variables i=3, 4, . . . 15. At Step 910, the processor performs the ECADD operation on the value of the table W[i−1] with the value of the table W[1], and assigns the resultant sum into the table W[i]. At Step 912, the processor sets i=i+1. At Step 914, the processor assigns the value of the table W[dn−1, n−4] into R in accordance with the values dn−1, n−4 of the (n−1)-th, (n−2)-th, . . . (n−4)-th bits of the key.
Step 916 is a looping process for the variables i=(n−5), (n−6), . . . 0. Step 918 within Step 916 is a loop which is repeated to execute the process at four times or for four rounds. At Step 920, the processor performs the ECDBL operation on the value of the register R, and assigns the resultant product into R. Step 920 is repeated to be executed four times. At Step 922, the processor performs the ECADD operation on the value of the table W[di, i−3] with the value of the register R in accordance with the values di, i−3 of the i-th to (i−3)-th bits of the key, and assigns the resultant sum into the register R. Step 922 can become a target of the address-bit DPA. At Step 924, the processor sets i=i−4. After that, the procedure returns to Step 918. After performing Step 924 for i=(n−5), (n−6), . . . 0, the processor at Step 926 performs the inverse RPC(RPC−1) transform on the value of the register R and provides the inverse transformed value as an output.
Conventionally, it has been considered that Algorithms 5 to 7, Algorithms 5′ to 7′, and Algorithms 9 and 9′ provide security against the SPA and DPA. However, a technique for analyzing Algorithm 7 has been published in K. Itoh, T. Izu, and M. Takenaka “Address-bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA”, Cryptographic Hardware and Embedded Systems (CHES 2002), Pre-proceeding, pp. 129-143 (hereinafter called IIT 02). While the conventional DPA (data-bit DPA) focuses on the power dissipation variations associated with data changes, the address-bit DPA is an analysis technique that focuses on the power dissipation variations associated with address changes.
For example, in the operation d indicted by “*” in Algorithm 7, whether either of T′[0] and T′[1] is used is determined accordance with the value of di. Thus, the address, at which the data used for the ECDBL operation is stored, is correlated with di. A similar situation occurs in the operation indicated by “#”. The address-bit DPA can use the correlation to analyze the secret key information d.
In the document IIT 02 above, the address-bit DPA is performed for the Montgomery-Ladder (Algorithm 7), but similar analysis can be applied to Algorithms 5, 6, and 5′ to 7′. Also in Algorithms 9 and 9′, there is a high degree of correlation between the value of the secret key information d and the table used for it in the operation indicated by “*”, and hence it is appreciated that a similar attack is applicable to them. Thus, Algorithms 5 to 7, Algorithms 5′ to 7′, and Algorithms 9 and 9′ may not be secure against the DPA if the address-bit DPA is used for analysis.
The document IIT 02 describes countermeasures against the address-bit DPA. The countermeasures described in IIT 02 are implemented by applying, to Algorithms 5 to 7, techniques of randomly changing the scalar values, such as the exponent-blinding proposed in Coron '99, and Messerges '99; the exponent-splitting proposed in C. Clavier, and M. Joye, “Universal exponentiation algorithm—A first step towards provable SPA-resistance—”, Cryptographic Hardware and Embedded Systems (CHES 2001), and Lecture Notes in Computer Science vol. 2162, Springer-Verlag, pp. 300-308 (CJ 01); and the overlapped window method proposed in J. Yajima, K. Itoh, M. Takenaka, and N. Torii “DPA countermeasure by improving the window method”, Cryptographic Hardware and Embedded Systems (CHES 2002), and Pre-proceeding, pp. 304-319 (YIIT 02).